- name: make registry-signatures dir
  file: state=directory path=/srv/web/registry-signatures owner=apache group=sysadmin-releng mode=2775 setype=httpd_sys_content_t seuser=system_u
  tags:
  - fedora-web

- name: make registry-index dir
  file: state=directory path=/srv/web/registry-index owner=apache group=sysadmin-releng mode=2775 setype=httpd_sys_content_t seuser=system_u
  tags:
  - fedora-web

- name: Copy over the Fedora Server CA cert
  copy: src="{{ private }}/files/fedora-ca.cert" dest=/etc/pki/httpd/fedora-server-ca.cert
        owner=root group=root mode=0644
  notify:
  - reload proxyhttpd
  tags:
  - fedora-web
  - fedora-web/registry

#- name: Copy in the sync-registry-signatures cronjob
#  copy: src=cron-sync-registry-signatures dest=/etc/cron.d/sync-registry-signatures
#  tags:
#  - fedora-web
#  - fedora-web/registry

- name: Temporarily disable the registry-signatures cronjob
  file: path=/etc/cron.d/sync-registry-signatures state=absent
  tags:
  - fedora-web
  - fedora-web/registry

- name: Copy in the sync-registry-index cronjob
  copy: src=cron-sync-registry-index dest=/etc/cron.d/sync-registry-index
  when: env == "staging"
  tags:
  - fedora-web
  - fedora-web/registry

- name: Copy over the registry CA
  copy: src="{{private}}/files/docker-registry/{{env}}/docker-registry-ca.pem"
        dest="/etc/pki/httpd/registry-ca-{{env}}.cert"
        owner=root group=root mode=0644
  notify:
  - reload proxyhttpd
  tags:
  - fedora-web
  - fedora-web/registry

- name: Copy over the registry passwd
  copy: src="passwd-{{env}}" dest=/etc/httpd/conf.d/registry.fedoraproject.org/passwd
        owner=root group=root mode=0644
  notify:
  - reload proxyhttpd
  tags:
  - fedora-web
  - fedora-web/registry
